Architectural support for arithmetic in optimal extension fields

Public-key cryptosystems generally involve computation-intensive arithmetic operations, making them impractical for software implementation on constrained devices such as smart cards. We investigate the potential of architectural enhancements and instruction set extensions for the low-level arithmetic used in public-key cryptography, most notably multiplication in finite fields of large order. The present work focuses on a special type of finite field, the so-called optimal extension fields GF(p^m), where p is a pseudo-Mersenne (PM) prime of the form p = 2^n - c that fits into a single register. Based on the MIPS32 instruction set architecture, we introduce two custom instructions to accelerate the reduction modulo a PM prime. Moreover, we show that multiplication in an optimal extension field can take advantage of a multiply/accumulate unit with a wide accumulator, so that a certain number of 64-bit products can be summed without overflow. The proposed extensions support a wide range of PM primes and allow a reduction modulo 2^n - c to complete in only four clock cycles when n ≤ 32.
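As an added illustration (not code from the paper, which describes hardware instructions for MIPS32 rather than a software library), the following C program models the two operations the abstract describes: the fold-based reduction modulo a pseudo-Mersenne prime p = 2^n - c, and multiplication in an optimal extension field GF(p^m) with reduction polynomial x^m - ω, where each product coefficient is accumulated unreduced in a wide accumulator and reduced modulo p only once. The parameters are constructed for the example: p = 2^31 - 1 (n = 31, c = 1), m = 2 and ω = 7 (a quadratic non-residue modulo p, so x^2 - 7 is irreducible). The type `unsigned __int128` (a GCC/Clang extension) stands in for the wide accumulator, and the names `pm_reduce`, `oef_mul` and `oef_acc_bits` are assumptions of this example, not identifiers from the paper.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: software model of pseudo-Mersenne reduction and OEF
 * multiplication. Constructed parameters, not the paper's:
 * p = 2^31 - 1 (n = 31, c = 1), m = 2, reduction polynomial x^2 - 7. */

typedef unsigned __int128 wide_t;   /* stands in for the wide accumulator (GCC/Clang extension) */

typedef struct { unsigned n; uint32_t c; } pm_prime_t;   /* p = 2^n - c, n <= 32, small c */

static uint64_t pm_modulus(pm_prime_t p) { return (1ull << p.n) - p.c; }

/* Reduce x modulo p = 2^n - c by folding. Because 2^n == c (mod p),
 * x = hi*2^n + lo == hi*c + lo (mod p), and every fold makes x smaller.
 * For a 64-bit input with n near 32 and small c, two folds already leave
 * x < 2^n, which is the fixed-latency case a reduction instruction targets. */
static uint32_t pm_reduce(wide_t x, pm_prime_t p)
{
    const wide_t mask = ((wide_t)1 << p.n) - 1;
    const uint64_t pv = pm_modulus(p);
    while (x >> p.n)
        x = (x >> p.n) * p.c + (x & mask);
    while (x >= pv)          /* x < 2^n here; at most one subtraction when c < 2^(n-1) */
        x -= pv;
    return (uint32_t)x;
}

#define OEF_M     2u
#define OEF_OMEGA 7u
static const pm_prime_t P31 = { 31, 1 };   /* p = 2^31 - 1 */

/* Schoolbook multiplication in GF(p^OEF_M) modulo x^OEF_M - OEF_OMEGA.
 * Coefficient k of the product is
 *   sum_{i+j=k} a_i*b_j + OEF_OMEGA * sum_{i+j=k+OEF_M} a_i*b_j,
 * accumulated unreduced as 64-bit products in the wide accumulator and
 * reduced modulo p only once per coefficient. */
static void oef_mul(uint32_t r[OEF_M], const uint32_t a[OEF_M], const uint32_t b[OEF_M])
{
    for (unsigned k = 0; k < OEF_M; k++) {
        wide_t acc = 0;
        for (unsigned i = 0; i < OEF_M; i++)
            for (unsigned j = 0; j < OEF_M; j++) {
                uint64_t prod = (uint64_t)a[i] * b[j];          /* 32x32 -> 64-bit product */
                if (i + j == k)
                    acc += prod;
                else if (i + j == k + OEF_M)
                    acc += (wide_t)prod * OEF_OMEGA;            /* x^OEF_M = OEF_OMEGA */
            }
        r[k] = pm_reduce(acc, P31);
    }
}

/* Loose upper bound on the accumulator width: one coefficient is a sum of
 * at most m terms, each below omega*(p-1)^2. Returns the bit length of that bound. */
static unsigned oef_acc_bits(pm_prime_t p, unsigned m, uint32_t omega)
{
    wide_t pm1 = pm_modulus(p) - 1;
    wide_t bound = (wide_t)m * omega * pm1 * pm1;
    unsigned bits = 0;
    while (bound >> bits) bits++;
    return bits;
}

int main(void)
{
    uint32_t a[OEF_M] = { 2, 3 }, b[OEF_M] = { 4, 5 }, r[OEF_M];
    oef_mul(r, a, b);   /* (2 + 3x)(4 + 5x) = 8 + 22x + 15x^2 = 113 + 22x, since x^2 = 7 */
    printf("product = %u + %u*x  (mod p = %llu)\n", r[0], r[1],
           (unsigned long long)pm_modulus(P31));
    printf("accumulator needs %u bits\n", oef_acc_bits(P31, OEF_M, OEF_OMEGA));
    return 0;
}
```

`oef_acc_bits` makes the accumulator-width argument concrete: for these parameters the bound is 66 bits, because a single term ω·(p-1)^2 is already larger than 2^64, so summing even two such products unreduced requires an accumulator wider than one 64-bit product. Changing `P31` to `{ 32, 5 }` (p = 2^32 - 5) exercises the n = 32 boundary case from the abstract in `pm_reduce`.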
